From: Thomas Lamprecht Date: Sat, 11 Nov 2023 13:51:19 +0000 (+0100) Subject: handle dropping support for building 2MB-sized firmware images X-Git-Url: https://git.proxmox.com/?p=pve-edk2-firmware.git;a=commitdiff_plain;h=8d856e1377a0ca2fac4850029ef1b2140d4ba4d7 handle dropping support for building 2MB-sized firmware images Keep a static build of the last version we supported them (2023.02) for backward compat in a new separate binary package. We can make that optional with the next major release and handle affected VMs in pve8to9. Signed-off-by: Thomas Lamprecht --- diff --git a/debian/README.Proxmox-VE b/debian/README.Proxmox-VE index ab23174..282d7a7 100644 --- a/debian/README.Proxmox-VE +++ b/debian/README.Proxmox-VE @@ -40,6 +40,8 @@ OVMF_VARS.ms.fd These images are the same as their "4M" variants, but for use with guests using a 2MB flash device. 2MB flash is no longer considered sufficient for use with Secure Boot. This is provided only for backwards compatibility. + NOTE: As 2MB support was removed with 2023.08 release, we now ship them as + static builds from our last release before that (2023.02) OVMF_CODE_4M.snakeoil.fd OVMF_VARS_4M.snakeoil.fd @@ -99,4 +101,4 @@ PkKek-1-snakeoil.pem OVMF_VARS.snakeoil.fd template. The password for the key is 'snakeoil'. - -- dann frazier , Fri, 4 Feb 2022 17:01:31 -0700 + -- Proxmox Support Team , dann frazier , Fri, 4 Feb 2022 17:01:31 -0700 diff --git a/debian/control b/debian/control index 8d642cd..f6c1462 100644 --- a/debian/control +++ b/debian/control @@ -24,9 +24,22 @@ XS-Build-Indep-Architecture: amd64 Package: pve-edk2-firmware Architecture: all -Depends: ${misc:Depends} +Depends: pve-edk2-firmware-legacy, ${misc:Depends} Multi-Arch: foreign Description: edk2 based UEFI firmware modules for virtual machines Open Virtual Machine Firmware is a build of EDK II for 64-bit, 32-bit x86 and 64-bit ARM virtual machines. It includes full support for UEFI, including Secure Boot, allowing use of UEFI in place of a traditional BIOS in your VM. + +Package: pve-edk2-firmware-legacy +Architecture: all +Depends: ${misc:Depends}, +Breaks: pve-edk2-firmware (<< 4.2023.08-1), +Multi-Arch: foreign +Description: edk2 based legacy 2MB UEFI firmware modules for virtual machines + Open Virtual Machine Firmware is a build of EDK II for 64-bit, 32-bit x86 + virtual machines. It includes full support for UEFI, including Secure Boot, + allowing use of UEFI in place of a traditional BIOS in your VM. + This packages includes a static build of legacy images that got dropped from + upstream because the small size results in to many limitations, but Proxmox VE + still needs to provide backward compat for older VMs. diff --git a/debian/legacy-2M-builds/OVMF_CODE.fd b/debian/legacy-2M-builds/OVMF_CODE.fd new file mode 100644 index 0000000..ab81b1c Binary files /dev/null and b/debian/legacy-2M-builds/OVMF_CODE.fd differ diff --git a/debian/legacy-2M-builds/OVMF_CODE.secboot.fd b/debian/legacy-2M-builds/OVMF_CODE.secboot.fd new file mode 100644 index 0000000..abb1123 Binary files /dev/null and b/debian/legacy-2M-builds/OVMF_CODE.secboot.fd differ diff --git a/debian/legacy-2M-builds/OVMF_VARS.fd b/debian/legacy-2M-builds/OVMF_VARS.fd new file mode 100644 index 0000000..3b8bb9b Binary files /dev/null and b/debian/legacy-2M-builds/OVMF_VARS.fd differ diff --git a/debian/legacy-2M-builds/OVMF_VARS.ms.fd b/debian/legacy-2M-builds/OVMF_VARS.ms.fd new file mode 100644 index 0000000..cb9b25b Binary files /dev/null and b/debian/legacy-2M-builds/OVMF_VARS.ms.fd differ diff --git a/debian/pve-edk2-firmware-legacy.install b/debian/pve-edk2-firmware-legacy.install new file mode 100644 index 0000000..1657e3f --- /dev/null +++ b/debian/pve-edk2-firmware-legacy.install @@ -0,0 +1 @@ +debian/legacy-2M-builds/* /usr/share/pve-edk2-firmware/legacy diff --git a/debian/pve-edk2-firmware-legacy.links b/debian/pve-edk2-firmware-legacy.links new file mode 100644 index 0000000..b2e20e4 --- /dev/null +++ b/debian/pve-edk2-firmware-legacy.links @@ -0,0 +1,4 @@ +usr/share/pve-edk2-firmware/legacy/OVMF_CODE.fd usr/share/pve-edk2-firmware/OVMF_CODE.fd +usr/share/pve-edk2-firmware/legacy/OVMF_CODE.secboot.fd usr/share/pve-edk2-firmware/OVMF_CODE.secboot.fd +usr/share/pve-edk2-firmware/legacy/OVMF_VARS.fd usr/share/pve-edk2-firmware/OVMF_VARS.fd +usr/share/pve-edk2-firmware/legacy/OVMF_VARS.ms.fd usr/share/pve-edk2-firmware/OVMF_VARS.ms.fd diff --git a/debian/rules b/debian/rules index eb0ee89..fd0a8bb 100755 --- a/debian/rules +++ b/debian/rules @@ -27,9 +27,7 @@ COMMON_FLAGS += -DSECURE_BOOT_ENABLE=TRUE COMMON_FLAGS += -DTPM2_ENABLE=TRUE COMMON_FLAGS += -DPVSCSI_ENABLE=TRUE OVMF_COMMON_FLAGS = $(COMMON_FLAGS) -OVMF_2M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_2MB OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB -OVMF_2M_SMM_FLAGS = $(OVMF_2M_FLAGS) -DSMM_REQUIRE=TRUE OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE @@ -68,8 +66,8 @@ OVMF3264_BUILD_DIR = Build/Ovmf3264/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN) OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi OVMF_SHELL = $(OVMF3264_BUILD_DIR)/X64/Shell.efi OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL) -OVMF_IMAGES := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd) -OVMF_PREENROLLED_VARS := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd) +OVMF_IMAGES := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_CODE_4M.fd OVMF_CODE_4M.secboot.fd OVMF_VARS_4M.fd) +OVMF_PREENROLLED_VARS := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd) OVMF32_INSTALL_DIR = debian/ovmf32-install OVMF32_BUILD_DIR = Build/OvmfIa32/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN) @@ -106,15 +104,6 @@ build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS) $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp rm -rf $(OVMF_INSTALL_DIR) mkdir $(OVMF_INSTALL_DIR) - set -e; . ./edksetup.sh; \ - build -a X64 \ - -t $(EDK2_TOOLCHAIN) \ - -p OvmfPkg/OvmfPkgX64.dsc \ - $(PCD_OPTIONS) \ - $(OVMF_2M_FLAGS) -b $(BUILD_TYPE) - cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \ - $(OVMF_BUILD_DIR)/FV/OVMF.fd $(OVMF_INSTALL_DIR)/ - cp $(OVMF_BUILD_DIR)/FV/OVMF_VARS.fd $(OVMF_INSTALL_DIR)/ rm -rf Build/OvmfX64 set -e; . ./edksetup.sh; \ build -a IA32 -a X64 \ @@ -127,15 +116,6 @@ $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \ $(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd rm -rf Build/OvmfX64 - set -e; . ./edksetup.sh; \ - build -a X64 \ - -t $(EDK2_TOOLCHAIN) \ - -p OvmfPkg/OvmfPkgX64.dsc \ - $(PCD_OPTIONS) \ - $(OVMF_2M_SMM_FLAGS) -b $(BUILD_TYPE) - cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \ - $(OVMF_INSTALL_DIR)/OVMF_CODE.secboot.fd - rm -rf Build/OvmfX64 set -e; . ./edksetup.sh; \ build -a IA32 -a X64 \ -t $(EDK2_TOOLCHAIN) \ diff --git a/debian/source/include-binaries b/debian/source/include-binaries index 7195dba..2d86386 100644 --- a/debian/source/include-binaries +++ b/debian/source/include-binaries @@ -1 +1,5 @@ debian/Logo.bmp +debian/legacy-2M-builds/OVMF_VARS.ms.fd +debian/legacy-2M-builds/OVMF_VARS.fd +debian/legacy-2M-builds/OVMF_CODE.secboot.fd +debian/legacy-2M-builds/OVMF_CODE.fd